package com.itemdoc.organ.security;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

/**
 * spring Security安全配置
 */
@Configuration
@EnableWebSecurity
public class WebSecurity extends WebSecurityConfigurerAdapter {

	@Override
	protected void configure(HttpSecurity http) throws Exception {
		http.headers().frameOptions().disable();
		http.csrf().disable().authorizeRequests()
				// 所有用户均可访问的资源
				.antMatchers("/file/**","/sysuser/**", "/Jasypt/encrypt/**", "/logo.ico", "/css/**", "/fonts/**", "/js/**",
						"/img/**", "/index", "/upload", "/download", "/error", "/Sms/**")
				.permitAll()// 这些链接不被拦截及不被保护
				.anyRequest().authenticated().and().formLogin().loginPage("/login")// 登陆页面
				.permitAll().successHandler(loginSuccessHandler()).and().logout().logoutUrl("/logout")// 登出页面
				.logoutSuccessUrl("/login")// 登出后页面
				.permitAll().invalidateHttpSession(true)// 清除SESSION
				.deleteCookies("JSESSIONID");// 清cookies
	}

	@Autowired
	public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
		
	}

	@Bean
	public LoginSuccessHandler loginSuccessHandler() {
		return new LoginSuccessHandler();
	}
}